Trying to get code together to basically take data from an HTML form, capture it and save it in a database, but I've got errors on lots of different lines and worked my way through them but am now stuck on line 16.

Cannot for the life of me see what's wrong here, could someone please kindly advise? Thanks in advance:

I have added the "mysql_real_escape_string" function to all of your inserted variables. This is used to prevent SQL Injection. If you don't know what that is, read up on it.

I have also removed all of the assignments you did at the beginning, they were not being used in the query. If you were trying to use that section of code to validate the inputs, we can deal with that in another post.

Now in my next post I will go through some things you can do to improve upon this....

So the first thing I am going to address is your form construction. I will talk about each field to point out some things that will allow you to improve the data from your form.

Your first field is "Runner ID"; this is actually put together correctly. You will need to validate after submit to ensure that this is a valid value. Assuming you are talking about the Bib Number you can use this code in your PHP to check if the value is an integer:

Next field you are using is Event ID. This should probably be a drop down menu. The reasoning is, there are going to be a limited number of Events and it simplifies the user's input to "choose one of these" which is harder to screw up:

Moving on to your third value, Date. Normally I have a jQuery script I run that forces the user to choose a date from a calendar which then pushes the chosen date into a field using the format I want. An easier way to do this is to separate the date field into 3 separate drop down menus: one for year (2011-2020), one for month (Jan-Dec), one for date (1-31). This will allow you to limit the user's choices to mostly correct values, and you can validate the date on the back end. The code for each drop down is the same as the above code segment. You will just need to alter the options and you would want to give each menu a different name.

On submit of the 3 date fields you will need to validate just in case the user chose nothing or chose a date like February 31st. You can do that with this code:

Moving along, you should apply the same logic to the "Finish Time" field. You can give the users sane fields for hours (0-24), minutes (0-59) and seconds (0-59). You would only have to validate that none of the fields are blank since there are not any unacceptable values to choose from.

Position should probably be treated like the RunnerID field. Just validate that the entry is an integer.

Category and Age Grades should be treated just like the Event field. Give the users a choice instead of expecting them to enter legitimate values.

The last field "Personal Best" should be changed to a check box field.

You can also add some HTML to the form to back this up, e.g. you could use a datalist with a required attribute instead of a dropdown. This is supported in Firefox and Opera, otherwise it just shows as an input box. I believe that the 'required' attribute works in everything except IE.

You can also use the 'number' type to provide some pre-validation of the numbers (or dates if you opt for a separate year/month/day approach). Again this works in most browsers (I believe Firefox and IE treat it as a regular input).
<input type="number" name="quantity" min="1" max="5" />

Adding validation was the next step in the process and the points you made are exactly what I need!

Before this though I need to get my PHP code working correctly to take the data from the HTML form and add it to the database. Currently I have an error on line 16 of my PHP code which is preventing the code being saved to the database. The database has already been set up on an online server and from what output I currently get, connecting to the database is fine; the problem I got is line 16 throws an error.

If you have to check for the non-compatible browsers anyway, why would you execute extra checks on the compatible browsers? You are essentially punishing those with compatible browsers with slightly longer processing time at no added benefit.

The extra HTML doesn't add to the processing time. Try it on a new browser, it won't even let you submit the form if a required checkbox isn't filled out. The extra benefit is just that: you don't have to wait for the page to process to tell you you're missing something.

That validation is executed client side, it is basically JavaScript validation in how it is executed. So you validate using your browser instead of JavaScript, but the validation is still executed on the user's PC. Then after it has been validated you still have to deal with the server-side validation that has to be there since there is not 100% browser compatibility.

Additional processes are consumed, they just aren't consumed on your server. They are instead consumed on the typically MUCH SLOWER, user PC.

It's not JavaScript because it still works in the browser if JavaScript is disabled. Anyway, a tiny bit of script (whatever it is) on the client side that is done before the form I think will always provide a better user experience. That surely is why all of these things were added in HTML5 in the first place because previously people were using ugly JavaScript which was sometimes slow to do the same thing.

They designed these elements into HTML5 because the JavaScript is exploitable. I can in 5 minutes get past any JavaScript validation that doesn't bounce off of PHP.

I know it's not JavaScript, that's why I pointed out that the browser is doing the validation, not JS.

The point is that regardless, you have to validate the variables using PHP since you can't guarantee the user is going to use an HTML 5 compatible browser.

Why introduce an extra step to the process? The only justification is, as you said, user experience. Since the validation is done without a full refresh they don't have to deal with network latency to figure out if they have correctly filled out the form.

Even when this is fully adopted, since the validation is happening on the client and not on the server, it is still very insecure. When you are dealing with database transactions that is not something you want.

Arguably the HTML 5 elements are easier to bypass than the JavaScript, but only slightly.
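
The server-side checks this thread keeps returning to (integer fields, an allow-listed drop-down, a three-menu date), as an added example that is not taken from any post above. The form field names, the `results` table and the event list are assumptions, and the insert uses a PDO prepared statement in place of `mysql_real_escape_string`, since the `mysql_*` extension was removed in PHP 7.0.

```php
<?php
// Added example: field names, table and columns are assumptions, not from the thread.

/** Validate raw form input on the server. Returns [row or null, list of bad fields]. */
function validate_result(array $in, array $allowedEvents): array
{
    $errors = [];
    $opts = ['options' => ['min_range' => 1]];

    // Runner ID and Position: whole numbers >= 1 (rejects "12abc", "1.5" and "").
    $runner   = filter_var($in['runner_id'] ?? '', FILTER_VALIDATE_INT, $opts);
    $position = filter_var($in['position'] ?? '', FILTER_VALIDATE_INT, $opts);
    if ($runner === false)   { $errors[] = 'runner_id'; }
    if ($position === false) { $errors[] = 'position'; }

    // Event: a drop-down only guides honest users, so re-check against the allow-list.
    $event = $in['event_id'] ?? '';
    if (!in_array($event, $allowedEvents, true)) { $errors[] = 'event_id'; }

    // Date menus: a blank menu casts to 0, which checkdate() rejects, as it does Feb 31st.
    $y = (int)($in['year'] ?? 0); $m = (int)($in['month'] ?? 0); $d = (int)($in['day'] ?? 0);
    if (!checkdate($m, $d, $y)) { $errors[] = 'date'; }

    $row = [$runner, $event, sprintf('%04d-%02d-%02d', $y, $m, $d), $position];
    return [$errors ? null : $row, $errors];
}

/** Insert with bound parameters so submitted values never become part of the SQL text. */
function save_result(PDO $db, array $row): void
{
    $sql = 'INSERT INTO results (runner_id, event_id, race_date, position) VALUES (?, ?, ?, ?)';
    $db->prepare($sql)->execute($row);
}

// Constructed demo: in-memory SQLite stands in for the MySQL server so this runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE results (runner_id INT, event_id TEXT, race_date TEXT, position INT)');

$events = ['5K', '10K'];  // constructed allow-list
$good = ['runner_id' => '42', 'event_id' => '10K', 'year' => '2011', 'month' => '2', 'day' => '27', 'position' => '3'];
$bad  = ['runner_id' => '12abc', 'event_id' => 'x', 'year' => '2011', 'month' => '2', 'day' => '31', 'position' => ''];

foreach ([$good, $bad] as $input) {
    [$row, $errors] = validate_result($input, $events);
    if ($row !== null) { save_result($db, $row); }
    echo $errors ? 'rejected: ' . implode(', ', $errors) . "\n" : "saved\n";
}
```

For MySQL, only the DSN passed to `new PDO(...)` changes; the validation and the bound-parameter insert stay the same.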